VulnerableCode Package Details - pkg:ebuild/dev-db/phpmyadmin@4.8.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-986a-3m4g-83ge	Cross-Site Request Forgery (CSRF) By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.	CVE-2018-19969 GHSA-xwf2-53mc-r8hx
VCID-9auw-hwad-ybaf	Improper Authentication An issue was discovered in phpMyAdm in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.	CVE-2018-12613 GHSA-x394-g9j8-x7mf
VCID-ebk2-vjau-57h9	Information Exposure An attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.	CVE-2018-19968 GHSA-xc97-r49q-cxgc
VCID-qcra-cu62-43he	Cross-site Scripting In phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.	CVE-2018-19970 GHSA-8987-93fh-rcwq

Vulnerability

Summary

Aliases

VCID-986a-3m4g-83ge

Cross-Site Request Forgery (CSRF) By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.

CVE-2018-19969
GHSA-xwf2-53mc-r8hx

VCID-9auw-hwad-ybaf

Improper Authentication An issue was discovered in phpMyAdm in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.

CVE-2018-12613
GHSA-x394-g9j8-x7mf

VCID-ebk2-vjau-57h9

Information Exposure An attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

CVE-2018-19968
GHSA-xc97-r49q-cxgc

VCID-qcra-cu62-43he

Cross-site Scripting In phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.

CVE-2018-19970
GHSA-8987-93fh-rcwq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:03:35.096595+00:00	Gentoo Importer	Fixing	VCID-qcra-cu62-43he	https://security.gentoo.org/glsa/201904-16	38.0.0
2026-04-01T13:03:35.086665+00:00	Gentoo Importer	Fixing	VCID-986a-3m4g-83ge	https://security.gentoo.org/glsa/201904-16	38.0.0
2026-04-01T13:03:35.077053+00:00	Gentoo Importer	Fixing	VCID-ebk2-vjau-57h9	https://security.gentoo.org/glsa/201904-16	38.0.0
2026-04-01T13:03:35.068091+00:00	Gentoo Importer	Fixing	VCID-9auw-hwad-ybaf	https://security.gentoo.org/glsa/201904-16	38.0.0